Merge remote-tracking branch 'origin/master' into release51

jstarpl · jstarpl · commit b06a4e5aac54 · 2024-10-07T13:04:10.000+02:00
diff --git a/.github/workflows/node.yaml b/.github/workflows/node.yaml
@@ -240,6 +240,8 @@ jobs:
       - name: Trivy scanning
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
         uses: aquasecurity/trivy-action@0.24.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: "${{ steps.trivy-image.outputs.image }}"
           format: "table"
@@ -389,6 +391,8 @@ jobs:
       - name: Trivy scanning
         if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
         uses: aquasecurity/trivy-action@0.24.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: "${{ steps.trivy-image.outputs.image }}"
           format: "table"
diff --git a/.github/workflows/prune-container-images.yml b/.github/workflows/prune-container-images.yml
@@ -7,6 +7,8 @@ on:
 
 jobs:
   prune-container-images:
+    if: ${{ github.repository_owner == 'nrkno' }}
+    
     uses: nrkno/sofie-github-workflows/.github/workflows/prune-container-images.yml@main
     strategy:
       max-parallel: 1
diff --git a/.github/workflows/prune-tags.yml b/.github/workflows/prune-tags.yml
@@ -16,6 +16,8 @@ on:
 
 jobs:
   prune-tags:
+    if: ${{ github.repository_owner == 'nrkno' }}
+    
     name: Prune tags
     runs-on: ubuntu-latest
     timeout-minutes: 15
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -6,6 +6,8 @@ on:
 
 jobs:
   trivy:
+    if: ${{ github.repository_owner == 'nrkno' }}
+
     name: Trivy scan
     runs-on: ubuntu-latest
     strategy:
@@ -16,13 +18,17 @@ jobs:
     steps:
       - name: Run Trivy vulnerability scanner (json)
         uses: aquasecurity/trivy-action@0.24.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: ghcr.io/nrkno/sofie-core-${{ matrix.image }}:latest
           format: json
           output: '${{ matrix.image }}-trivy-scan-results.json'
 
       - name: Run Trivy vulnerability scanner (table)
         uses: aquasecurity/trivy-action@0.24.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: ghcr.io/nrkno/sofie-core-${{ matrix.image }}:latest
           output: '${{ matrix.image }}-trivy-scan-results.txt'
@@ -39,6 +45,8 @@ jobs:
 
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
         uses: aquasecurity/trivy-action@0.24.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
           format: 'github'
           output: 'dependency-results-${{ matrix.image }}.sbom.json'
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -9,4 +9,5 @@ This repository uses the following branches:
 * **_master_** is our main branch. We consider it stable and it is used in production.
 * The **_releaseXX_** branches are our in-development branches. When a release is ready, we decide to “freeze” that branch and create a new **_releaseXX+1_** branch.
 
-We encourage you to base your contributions on the latest **_releaseXX_** branch, alternatively the **_master_** branch or a recently frozen **_releaseXX_** branch. The [_Sofie Releases_](https://nrkno.github.io/sofie-core/releases) page collects the status and timeline of the releases.
+We require contributions to be based based on the latest **_release\*_** branch.
+The [_Sofie Releases_](https://nrkno.github.io/sofie-core/releases) page collects the status and timeline of the releases.
diff --git a/packages/documentation/docs/for-developers/contribution-guidelines.md b/packages/documentation/docs/for-developers/contribution-guidelines.md
@@ -7,6 +7,8 @@ sidebar_position: 2
 
 # Contribution Guidelines
 
+_Last updated september 2024_
+
 ## About the Sofie TV Studio Automation Project
 
 The Sofie project includes a number of open source applications and libraries developed and maintained by the Norwegian public service broadcaster, [NRK](https://www.nrk.no/about/). Sofie has been used to produce live shows at NRK since September 2018.
@@ -35,8 +37,8 @@ However, Sofie is a big project with many differing users and use cases. **Large
 3. (If needed) NRK establishes contact with the RFC author, who will be invited to a workshop where the RFC is discussed. Meeting notes are published publicly on the RFC thread.
 4. The contributor references the RFC when a pull request is ready.
 
-### Base contributions on the in-development branch (or the master branch)
-In order to facilitate merging, we ask that contributions are based on the latest (at the time of the pull request) _in-development_ branch (often named `release*`), alternatively the stable (eg. `master`) branch. NRK will take responsibility for rebasing stable contributions to the latest in-development branch if needed.
+### Base contributions on the in-development branch
+In order to facilitate merging, we ask that contributions are based on the latest (at the time of the pull request) _in-development_ branch (often named `release*`).
 See **CONTRIBUTING.md** in each official repository for details on which branch to use as a base for contributions.
 
 ## Developer Guidelines
